From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31915 invoked by alias); 16 Dec 2015 20:23:02 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 31843 invoked by uid 89); 16 Dec 2015 20:23:02 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Received: from localhost (HELO localhost.localdomain) (127.0.0.1) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 16 Dec 2015 20:23:02 +0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy=liquid, angles, subversion, protocol To: cygwin@cygwin.com From: David Rothenberger Subject: [ANNOUNCEMENT] Updated: subversion-1.9.3-1 Message-Id: Date: Wed, 16 Dec 2015 20:23:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin@cygwin.com X-SW-Source: 2015-12/txt/msg00182.txt.bz2 SECURITY: ========= This release fixes two security issues: CVE-2015-5259: Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. http://subversion.apache.org/security/CVE-2015-5259-advisory.txt CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. http://subversion.apache.org/security/CVE-2015-5343-advisory.txt NEWS: ===== Please see the release notes http://subversion.apache.org/docs/release-notes/1.9.html for more details about the changes in Subversion. See http://svn.apache.org/repos/asf/subversion/tags/1.9.3/CHANGES for more details about the changes in 1.9.3. DESCRIPTION: ============ Subversion is a version control system designed to be a compelling successor to CVS. Please see http://svnbook.red-bean.com/nightly/en/index.html for the latest official release of the Subversion Book. QUESTIONS: ========== If you want to make a point or ask a question the Cygwin mailing list is the appropriate place. -- David Rothenberger ---- daveroth@acm.org Cats, no less liquid than their shadows, offer no angles to the wind. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple